
Remote Client ICMP issue

james.thurmond
Level 1

Hello, I have a 5510 running 7.2(2) and have successfully configured it to receive connections from remote users running the Cisco software client. The connection is successful, and all traffic functions with the exception of ICMP. While I can access a file share, I cannot ping the file server.

A network capture on the internal interface of the ASA shows the ping leave the interface, and the reply enters the interface (destined for the remote client), but the ASA apparently drops it before sending it over the tunnel.

Any suggestions?

1 Reply

drolemc
Level 6

Configure "icmp inspection". This allows a trusted IP address to traverse the firewall and allows replies back to the trusted address only. This way, all inside interfaces can ping outside and the firewall allows the replies to return. This also gives you the advantage of monitoring the ICMP traffic that traverses the firewall.

For example:

policy-map global_policy
 class inspection_default
  inspect icmp

Try this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#q6
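
The following is an added example, not part of the original thread: a small Python check that reads a saved running-config and reports whether `inspect icmp` sits in a class of a policy-map that is actually applied with `service-policy`. The config text and the names `parse_policies` and `icmp_inspection_status` are constructed for illustration.

```python
# Constructed running-config excerpt (not taken from the original thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
!
service-policy global_policy global
"""
# The same excerpt after adding the line suggested in the reply.
FIXED_CONFIG = SAMPLE_CONFIG.replace("  inspect ftp\n", "  inspect ftp\n  inspect icmp\n")

def parse_policies(config):
    """Return ({policy: {class: [inspect args]}}, {policy: where it is applied})."""
    policies, bindings = {}, {}
    policy = cls = None
    for raw in config.splitlines():
        line = raw.rstrip()
        words = line.split()
        if not words or words[0] == "!":
            continue
        if not line[0].isspace():              # top-level command ends any open block
            policy = cls = None
            if words[0] == "policy-map" and len(words) == 2:   # skips 'policy-map type ...'
                policy = words[1]
                policies[policy] = {}
            elif words[0] == "service-policy" and len(words) >= 3:
                bindings[words[1]] = " ".join(words[2:])
        elif policy is not None and words[0] == "class" and len(words) == 2:
            cls = words[1]
            policies[policy][cls] = []
        elif policy is not None and cls is not None and words[0] == "inspect" and len(words) > 1:
            policies[policy][cls].append(" ".join(words[1:]))
    return policies, bindings

def icmp_inspection_status(config):
    """List (policy, class, binding) for every applied policy that has 'inspect icmp'."""
    policies, bindings = parse_policies(config)
    return [(p, c, bindings[p]) for p, classes in policies.items() if p in bindings
            for c, engines in classes.items() if "icmp" in engines]

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(name, icmp_inspection_status(cfg) or "ICMP inspection not active")
```

An empty result means ICMP inspection is either missing from the policy-map or the policy-map is not applied by any `service-policy` line.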